Added all files

examples/026_vault/control.yml

@@ -0,0 +1,5 @@
+---
+- hosts: control
+  become: true
+  roles:
+    - control

examples/026_vault/database.yml

@@ -0,0 +1,8 @@
+---
+- hosts: database
+  become: true
+  roles:
+    - role: mysql
+      db_user_name: "{{ db_user }}"
+      db_user_pass: "{{ db_pass }}"
+      db_user_host: '%'

examples/026_vault/group_vars/all

@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.1;AES256
+34663065306632666162353539363635666666653431636164316639303935613066643837303234
+3330306265323566313134623831613361336262666562340a383330396362383333383462336363
+37616534393332313163633063303436653862343431633834396538363739373435396338323162
+3230356333323765300a346436343931636134656237613633646662663637333635356563373565
+31343938333731316439353938646536333531313439643233393932303134383763376464336434
+63656634316561656337633566643430643634663333356231376534636138396533326462303836
+30336561623364643936336662616431383062636438366136313466396639633332383062313830
+34393836666638316233353563653265303264636333643139393563386362363031373362353435
+63373962343664373834333237333331393833646236386139633837303461626266383037303032
+33303230303864306639363936616635333436383431666435343931306531313461363664366632
+63363562326665646438636364303465303161633234333863653162643739653566626430386430
+32383266626237623739376233633434636362646630376139353364333835623532363164636565
+33633134636239333132353135623266393838653139656332383562653030346634306666363664
+3038366163306633326466393537353966656265386238363338

examples/026_vault/loadbalancer.yml

@@ -0,0 +1,5 @@
+---
+- hosts: loadbalancer
+  become: true
+  roles:
+    - nginx

examples/026_vault/playbooks/hostname.yml

@@ -0,0 +1,5 @@
+---
+  - hosts: all
+    tasks:
+      - name: get server hostname
+        command: hostname

examples/026_vault/playbooks/stack_restart.yml

@@ -0,0 +1,33 @@
+---
+# Bring stack down
+- hosts: loadbalancer
+  become: true
+  tasks:
+    - service: name=nginx state=stopped
+    - wait_for: port=80 state=drained
+
+- hosts: webserver
+  become: true
+  tasks:
+    - service: name=apache2 state=stopped
+    - wait_for: port=80 state=stopped
+
+# Restart mysql
+- hosts: database
+  become: true
+  tasks:
+    - service: name=mysql state=restarted
+    - wait_for: host={{ ansible_eth0.ipv4.address }} port=3306 state=started
+
+# Bring stack up
+- hosts: webserver
+  become: true
+  tasks:
+    - service: name=apache2 state=started
+    - wait_for: port=80
+
+- hosts: loadbalancer
+  become: true
+  tasks:
+    - service: name=nginx state=started
+    - wait_for: port=80

examples/026_vault/playbooks/stack_status.yml

@@ -0,0 +1,67 @@
+---
+- hosts: loadbalancer
+  become: true
+  tasks:
+    - name: verify nginx service
+      command: service nginx status
+
+    - name: verify nginx is listening on 80
+      wait_for: port=80 timeout=1
+
+- hosts: webserver
+  become: true
+  tasks:
+    - name: verify apache2 service
+      command: service apache2 status
+
+    - name: verify apache2 is listening on 80
+      wait_for: port=80 timeout=1
+
+- hosts: database
+  become: true
+  tasks:
+    - name: verify mysql service
+      command: service mysql status
+
+    - name: verify mysql is listening on 3306
+      wait_for: port=3306 timeout=1
+
+- hosts: control
+  tasks:
+    - name: verify end-to-end index response
+      uri: url=http://{{item}} return_content=yes
+      with_items: "{{ groups.loadbalancer }}"
+      register: lb_index
+
+    - fail: msg="index failed to return content"
+      when: "'Hello, from sunny'  not in item.content"
+      with_items: "{{lb_index.results}}"
+
+    - name: verify end-to-end db response
+      uri: url=http://{{item}}/db return_content=yes
+      with_items: "{{ groups.loadbalancer }}"
+      register: lb_db
+
+    - fail: msg="db failed to return content"
+      when: "'Database Connected from' not in item.content"
+      with_items: "{{lb_db.results}}"
+
+- hosts: loadbalancer
+  tasks:
+    - name: verify backend index response
+      uri: url=http://{{item}} return_content=yes
+      with_items: "{{ groups.webserver }}"
+      register: app_index
+
+#    - fail: msg="index failed to return content"
+#      when: "'Hello, from sunny {{ item.content }}!' not in item.content"
+#      with_items: "{{app_index.results}}"
+
+    - name: verify backend db response
+      uri: url=http://{{item}}/db return_content=yes
+      with_items: "{{ groups.webserver }}"
+      register: app_db
+
+#    - fail: msg="db failed to return content"
+#      when: "'Database Connected from {{ item.item }}!' not in item.content"
+#      with_items: "{{app_db.results}}"

examples/026_vault/roles/apache2/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

examples/026_vault/roles/apache2/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for apache2

examples/026_vault/roles/apache2/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart apache2
+  service: name=apache2 state=restarted

examples/026_vault/roles/apache2/meta/main.yml

@@ -0,0 +1,139 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #  - 21
+  #  - 22
+  #- name: Windows
+  #  versions:
+  #  - all
+  #  - 2012R2
+  #- name: SmartOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #  - utopic
+  #  - vivid
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - jessie
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

examples/026_vault/roles/apache2/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+- name: install web components
+  apt: name={{item}} state=present update_cache=yes
+  with_items:
+    - apache2
+    - libapache2-mod-wsgi-py3
+
+- name: ensure mod_wsgi enabled
+  apache2_module: state=present name=wsgi
+  notify: restart apache2
+
+- name: de-activate default apache site
+  file: path=/etc/apache2/sites-enabled/000-default.conf state=absent
+  notify: restart apache2
+
+- name: ensure apache2 started
+  service: name=apache2 state=started enabled=yes

examples/026_vault/roles/apache2/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for apache2

examples/026_vault/roles/control/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

examples/026_vault/roles/control/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for control

examples/026_vault/roles/control/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for control

examples/026_vault/roles/control/meta/main.yml

@@ -0,0 +1,139 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #  - 21
+  #  - 22
+  #- name: Windows
+  #  versions:
+  #  - all
+  #  - 2012R2
+  #- name: SmartOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #  - utopic
+  #  - vivid
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - jessie
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

examples/026_vault/roles/control/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: install tools
+  apt: name={{item}} state=present update_cache=yes
+  with_items:
+    - curl
+    - python-httplib2

examples/026_vault/roles/control/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for control

examples/026_vault/roles/demo_app/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

examples/026_vault/roles/demo_app/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for demo_app

examples/026_vault/roles/demo_app/files/demo/app/demo.py

@@ -0,0 +1,20 @@
+from flask import Flask
+from flask_sqlalchemy import SQLAlchemy
+import os, socket
+
+app = Flask(__name__)
+app.config['SQLALCHEMY_DATABASE_URI'] = os.environ['DATABASE_URI']
+app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
+db = SQLAlchemy(app)
+hostname = socket.gethostname()
+
+@app.route('/')
+def index():
+  return 'Hello, from sunny %s!\n' % hostname
+
+@app.route('/db')
+def dbtest():
+  return 'Database Connected from %s!\n' % hostname
+
+if __name__ == '__main__':
+  app.run()

examples/026_vault/roles/demo_app/files/demo/app/demo.wsgi

@@ -0,0 +1,10 @@
+activate_this = '/var/www/demo/.venv/bin/activate_this.py'
+exec(open(activate_this).read(), {'__file__': activate_this})
+
+import os
+os.environ['DATABASE_URI'] = 'mysql://demo:demo@db01/demo'
+
+import sys
+sys.path.insert(0, '/var/www/demo')
+
+from demo import app as application

examples/026_vault/roles/demo_app/files/demo/app/requirements.txt

@@ -0,0 +1,9 @@
+click==7.1.2
+Flask==1.1.4
+Flask-SQLAlchemy==2.5.1
+greenlet==1.1.2
+itsdangerous==1.1.0
+Jinja2==2.11.3
+MarkupSafe==2.0.1
+SQLAlchemy==1.4.32
+Werkzeug==1.0.1

examples/026_vault/roles/demo_app/files/demo/demo.conf

@@ -0,0 +1,11 @@
+<VirtualHost *>
+    WSGIDaemonProcess demo threads=5
+    WSGIScriptAlias / /var/www/demo/demo.wsgi
+
+    <Directory /var/www/demo>
+        WSGIProcessGroup demo
+        WSGIApplicationGroup %{GLOBAL}
+        Order deny,allow
+        Allow from all
+    </Directory>
+</VirtualHost>

examples/026_vault/roles/demo_app/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart apache2
+  service: name=apache2 state=restarted

examples/026_vault/roles/demo_app/meta/main.yml

@@ -0,0 +1,139 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #  - 21
+  #  - 22
+  #- name: Windows
+  #  versions:
+  #  - all
+  #  - 2012R2
+  #- name: SmartOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #  - utopic
+  #  - vivid
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - jessie
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

examples/026_vault/roles/demo_app/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+- name: install web components
+  apt: name={{item}} state=present update_cache=yes
+  with_items:
+    - python-pip-whl
+    - python3-virtualenv
+    - python3-mysqldb
+
+- name: copy demo app source
+  copy: src=demo/app/ dest=/var/www/demo mode=0755
+  notify: restart apache2
+
+- name: copy demo.wsgi
+  template: src=demo.wsgi.j2 dest=/var/www/demo/demo.wsgi mode=0755
+  notify: restart apache2
+
+- name: copy apache virtual host config
+  copy: src=demo/demo.conf dest=/etc/apache2/sites-available mode=0755
+  notify: restart apache2
+
+- name: setup python virtualenv
+  pip: requirements=/var/www/demo/requirements.txt virtualenv=/var/www/demo/.venv
+  notify: restart apache2
+
+- name: activate demo apache site
+  file: src=/etc/apache2/sites-available/demo.conf dest=/etc/apache2/sites-enabled/demo.conf state=link
+  notify: restart apache2

examples/026_vault/roles/demo_app/templates/demo.wsgi.j2

@@ -0,0 +1,10 @@
+activate_this = '/var/www/demo/.venv/bin/activate_this.py'
+exec(open(activate_this).read(), {'__file__': activate_this})
+
+import os
+os.environ['DATABASE_URI'] = 'mysql://{{ db_user }}:{{ db_pass }}@{{ groups.database[0] }}/{{ db_name }}'
+
+import sys
+sys.path.insert(0, '/var/www/demo')
+
+from demo import app as application

examples/026_vault/roles/demo_app/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for demo_app

examples/026_vault/roles/mysql/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

examples/026_vault/roles/mysql/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+#db_name: myapp
+#db_user_name: dbuser
+#db_user_pass: dbpass
+#db_user_host: localhost

examples/026_vault/roles/mysql/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart mysql
+  service: name=mysql state=restarted

examples/026_vault/roles/mysql/meta/main.yml

@@ -0,0 +1,139 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #  - 21
+  #  - 22
+  #- name: Windows
+  #  versions:
+  #  - all
+  #  - 2012R2
+  #- name: SmartOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #  - utopic
+  #  - vivid
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - jessie
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

examples/026_vault/roles/mysql/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+- name: install tools
+  apt: name={{item}} state=present update_cache=yes
+  with_items:
+    - python3-mysqldb
+
+- name: install mysql-server
+  apt: name=mysql-server state=present update_cache=yes
+
+- name: chmod 777 /etc/mysql/my.cnf
+  command: chmod 777 /etc/mysql/my.cnf
+  notify: restart mysql
+
+- name: ensure mysql listening on all ports
+  lineinfile: dest=/etc/mysql/my.cnf regexp=^bind-address
+              line="bind-address = {{ ansible_eth0.ipv4.address }}"
+  notify: restart mysql
+
+- name: ensure mysql started
+  service: name=mysql state=started enabled=yes
+
+- name: create database
+  mysql_db: name={{ db_name }} state=present
+
+- name: create user
+  mysql_user: name={{ db_user_name }} password={{ db_user_pass }} priv={{ db_name }}.*:ALL
+              host='{{ db_user_host }}' state=present

examples/026_vault/roles/mysql/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for mysql

examples/026_vault/roles/nginx/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

examples/026_vault/roles/nginx/defaults/main.yml

@@ -0,0 +1,5 @@
+#---
+#sites:
+#  myapp:
+#    frontend: 80
+#    backend: 80

examples/026_vault/roles/nginx/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart nginx
+  service: name=nginx state=restarted

examples/026_vault/roles/nginx/meta/main.yml

@@ -0,0 +1,139 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #  - 21
+  #  - 22
+  #- name: Windows
+  #  versions:
+  #  - all
+  #  - 2012R2
+  #- name: SmartOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #  - utopic
+  #  - vivid
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - jessie
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

examples/026_vault/roles/nginx/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+- name: install tools
+  apt: name={{item}} state=present update_cache=yes
+  with_items:
+    - python-httplib2
+
+- name: install nginx
+  apt: name=nginx state=present update_cache=yes
+
+- name: configure nginx sites
+  template: src=nginx.conf.j2 dest=/etc/nginx/sites-available/{{ item.key }} mode=0644
+  with_dict: "{{ sites }}"
+  notify: restart nginx
+
+- name: get active sites
+  shell: ls -l /etc/nginx/sites-enabled
+  register: result
+
+- name: de-activate default
+  file: path=/etc/nginx/sites-enabled/default state=absent
+  notify: restart nginx
+
+- name: de-activate sites
+  file: path=/etc/nginx/sites-enabled/{{ item }} state=absent
+  with_items: active.stdout_lines
+  when: item not in sites
+  notify: restart nginx
+
+- name: activate nginx sites
+  file: src=/etc/nginx/sites-available/{{ item.key }} dest=/etc/nginx/sites-enabled/{{ item.key }} state=link
+  with_dict: "{{ sites }}"
+  notify: restart nginx
+
+- name: ensure nginx started
+  service: name=nginx state=started enabled=yes

examples/026_vault/roles/nginx/templates/nginx.conf.j2

@@ -0,0 +1,13 @@
+upstream {{ item.key }} {
+{% for server in groups.webserver %}
+    server {{ server }}:{{ item.value.backend }};
+{% endfor %}
+}
+
+server {
+    listen {{ item.value.frontend }};
+
+    location / {
+        proxy_pass http://{{ item.key }};
+    }
+}

examples/026_vault/roles/nginx/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for nginx

examples/026_vault/site.yml

@@ -0,0 +1,6 @@
+---
+- include: control.yml
+- include: database.yml
+- include: webserver.yml
+- include: loadbalancer.yml
+- include: playbooks/stack_status.yml

examples/026_vault/webserver.yml

@@ -0,0 +1,6 @@
+---
+- hosts: webserver
+  become: true
+  roles:
+    - apache2
+    - demo_app